Day 2 Agenda — 2021 AFERM Summit (Tentative)

Speaker

Daniella Datskovska, President-Elect, Association for Federal Enterprise Risk Management (AFERM)

Gene Dodaro will provide an overview of the GAO High Risk List including recent changes and describe how ERM can help agencies with high risk issues.

Learning objectives: 

• Provide an overview of the GAO High Risk List including recent changes.
• Describe how ERM can help agencies with high risk issues.

ERM integrating with strategy and performance.

A panel of CROs/heads of ERM discuss:

• Which skillsets they feel are important in effective ERM teams and in CROs,
• What they look for when interviewing ERM professionals, and
• What different backgrounds can bring to ERM (legal, accounting, performance, organizational dynamics, change management, etc.).

As with other enterprise risks, effective cybersecurity risk management embeds when: senior management has well understood and prioritized the key cybersecurity risks for the organization, the cybersecurity team is focused on prevention and mitigation of these risks and employees are well informed and incentivized to sustain cybersecurity awareness. Unfortunately, the complexity and highly technical nature of cybersecurity has frequently resulted in its implementation being the exclusive domain of specialized professionals. Insufficient engagement of senior management and regular employees exacerbates practically all cybersecurity risks, increasing their likelihood and potential severity. Consequently, finding and deploying ways to positively engage them represents an important effort in managing cyber risk. Our session empowers risk managers who are not IT experts to get actively involved in cybersecurity and facilitate engagement of both their organization’s senior management and other non-technical employees. We will present an intuitive cybersecurity risk categorization, which represents an easy-access way to introduce key types of cybersecurity risk to all non-expert employees. For each cybersecurity risk category, we provide a real-life example of where the risk occurred, including how the organization in question dealt with it and the consequences.

Discussion about how GAO’s High Risk List relates to ERM programs, using ERM and performance governance structures to address issues on the List, and working across agencies on multiagency risks.

The pandemic and the associated risks experienced by Federal agencies exposed vulnerabilities for future major global events to influence the future risk landscape.  Emerging risks could have a significant impact on an agency’s ability to effectively and efficiently meet their mission.  This session discusses how agencies have built sustainable risk analysis using different types of technology and tools to support the ongoing identification and analysis of emerging risks that could have a significant impact on an agency’s mission delivery.

This session discusses strategies for recruiting and developing new risk managers in an everchanging federal landscape. The Office of Housing-Federal Housing Administration’s (Housing-FHA) Office of Risk Management and Regulatory Affairs (ORMRA) hosted an impactful four-month professional development rotation for a cohort of Office of Housing employees. The Compliance and Risk Officer from the Administrative Office of the US Courts will discuss some of the unique challenges in the Judiciary and how they are managed.

With the increase in funding resulting from the COVID-19 pandemic as well as increased infrastructure appropriations, federal agencies are presented with more challenges than ever before to manage their increased grants portfolios while meeting their obligations under A-123. This interactive session will present participants with information designed to address risks presented by increases in funding by using data to develop risk-based monitoring plans, and how this fits into the ERM Framework.

Three experienced ERM practitioners will share lessons and provide illustrative stories about bringing ERM to federal agencies. The panelists will discuss what they have learned through their many years of experience assisting multiple federal agencies to build ERM into the way they do business.

This software demonstration/tour will highlight one of the hallmarks of rPM3 Solutions’ Aperitisoft™ software – its versatility. Using inherent features and easy user configuration, the software can support a wide range of different assessment applications. Clients are currently using Aperitisoft™ to assess information security posture (NIST & ISO 27001), environmental risk assessments (ISO 14000), project risk assessments, credit risk assessments, compliance assessments, and others. The software can also support third party risk assessments, health and safety assessments and risk-based selection of program / functional area audits.

During this session, Gary Bierc and Ken Fletcher demonstrate the versatility of the system configured to conduct a simple operational programs assessment using a set of basic criteria and automated assessment scoring.

Speakers

Gary Bierc, rPM3 Solutions
Ken Fletcher, Kestrel Hawk Consulting

Reputational Risk and the Future of Trust: Using TrustIQ to Understand and Enhance Trust in Your Organization Deloitte understands that in today’s hyper-connected world, your organization’s reputation will drive your planning, strategy and purpose. Trust and reputation are inextricably linked, with trust being the foundation of all meaningful relationships between an entity and its various stakeholders at both the individual and organizational levels. A nice-to-have is now a must-have; a principle is now a catalyst; a value is now invaluable. In this session Deloitte’s Future of Trust practice will provide a demonstration of TrustIQ, a data-driven solution that assesses both internal and external perceptions of levels of trust in your organization. We will explore the various domains of trust, how to anticipate risks to your reputation before they manifest, and how to take action to enhance and build trust with your stakeholders.

Speakers

Michael Bondar, Deloitte & Touche LLP
Cynthia Vitters, Deloitte & Touche LLP

Have you ever wondered why some ERM programs are more successful than others? We believe that being a resilient leader is key to having a successful ERM program. Join us for a discussion on key attributes of a resilient leader and strategies that risk leaders can use to launch and sustain their ERM programs. In addition, we will discuss the current environment we find ourselves in. VUCA is a phrase used in the military, but we believe our current environment can be described as volatility, uncertainty, change, and ambiguity (VUCA). Our risk leaders on the panel will discuss ways in which we can all use ERM to systemically address VUCA.

Results of Federal News Network’s ERM Survey

Many organizations, both in the public and private sectors, have set up formal ERM programs with well-defined roles and responsibilities (e.g., establishing the risk framework, defining the risk taxonomy, generating and maintaining the risk register, facilitating risk reporting). However, many ERM programs find it challenging to demonstrate real value to their organizations and perform as an equal partner, both when strategic decisions are made and as they are followed through into implementation. The panelists will share their experiences on how leading institutions have ‘cracked’ the problem and engage the audience to share their perspectives, particularly focusing on what has worked well.

Emerging risks are uncertain, but often hard-hitting. Executives often conclude that a response must be complex and costly, tempting them to delay action until the threat and need are proven. Getting more precise information about emerging risks to drive action is futile, but there is hope. Panelists will explore how risk leaders can identify emerging risks that require action, plus low-cost, low-regret responses that do not rise to the level of full risk mitigation.

Speaker

Daniella Datskovska, President-Elect, AFERM